 |
Apache2Triad Help, Support and Development
The apache2triad help , support and development forums
|
| View previous topic :: View next topic |
| Author |
Message |
furious angel
Joined: 21 Jul 2006
Posts: 16
|
| Posted: Wed Nov 08, 2006 1:26 am Post subject: how can you lock off a scripts directory? |
|
|
hey,
so i just created this complex script to control navigation animations for my page but i see that just anyone can download the sourcecode, ripping me off of hours of work.
is it possible through conf or something to essentially stop downloads of the sourcecode.
eg i want to stop downloading of everything in www.mydomain.com/scripts yet i still want the pages to be able to access them.
ive tried a couple of the different security techniques on here but they dont seem to work, perhaps my syntaxt is off.
little help?
ben |
|
| Back to top |
|
Joshua Meadows (DemoRic)
Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas
|
| Posted: Wed Nov 08, 2006 2:04 am Post subject: |
|
|
search your config your cgi-bin, and that setup will give you what you are wanting.
Also you can place the actual scripts outside of your htdocs area, or areas where browsing is prevented, and have them 'included' in another script, or html.
Lastly, you can scramble/encode/obfuscate your scripts before placing them in a published area of your server. |
|
| Back to top |
|
furious angel
Joined: 21 Jul 2006
Posts: 16
|
| Posted: Wed Nov 08, 2006 2:21 am Post subject: |
|
|
thanks josh,
however i may need some help, the instructions in the config are somewhat cryptic...
im assuming you mean this place in the httpd.conf
Code: # ScriptAlias: This controls which directories contain server scripts.
# ScriptAliases are essentially the same as Aliases, except that
# documents in the realname directory are treated as applications and
# run by the server when requested rather than as documents sent to the client.
# The same rules about trailing "/" apply to ScriptAlias directives as to
# Alias.
#
#ScriptAlias /cgi-bin/ "C:/apache2triad/htdocs/cgi-bin/"
#
# "C:/apache2triad/htdocs/cgi-bin" should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
#<Directory "C:/apache2triad/htdocs/cgi-bin">
# AllowOverride None
# Options ExecCGI
# Order allow,deny
# Allow from all
#</Directory>
if not, please point me in the right direction.
i've got no idea where to start here, i just want to block off www.domain.com/scripts from browsing but still enable pages to use the script. i'm trying to test it with a javascript file at the moment, i am assuming js can be used in this way.
i think a step by step is in order...
cheers,
ben |
|
| Back to top |
|
Joshua Meadows (DemoRic)
Joined: 29 Dec 2004
Posts: 783
Location: S.E. Kansas
|
| Posted: Wed Nov 08, 2006 2:35 am Post subject: |
|
|
That is the correct area, but after reading your post it won't help you to use it.
Javascript is a little different, than php/perl and other serverside scripting languages. It is a client-side script and has to be copied to the client pc before it is ran. The client's pc is the pc that executes the code that your server sends out the source to.
Server side scripts are executed on the host and the results are sent to the client. Your best bet to protect your code is to encode or scramble your javascript. However it is only a deterent.
An encoder example: http://scriptasylum.com/tutorials/encdec/encode-decode.html |
|
| Back to top |
|
furious angel
Joined: 21 Jul 2006
Posts: 16
|
| Posted: Fri Nov 10, 2006 1:36 am Post subject: |
|
|
i figured that was the reason, i already wrote my own javascript enrcypter but i just wanted to see if i could increase security this way.
thanks |
|
| Back to top |
|
| |
|